Under EU data protection law, companies cannot transfer EU citizens' personal data to countries outside the EU deemed to have insufficient privacy safeguards, of which the United States is one.

During a planned meeting of European data protection authorities in Brussels on 2 February, attempts will be made to find a common position on which legal channels companies can use to shuffle personal data across the Atlantic.

While Washington and Brussels are in discussions regarding a new pact, businesses were given a three-month grace period in which they could set up alternative legal systems to transfer data across the Atlantic.

The US has submitted a package of proposals on a new deal this week which included a letter from the Secretary of Commerce Penny Pritzker, who suggested a new framework.

The new package could be submitted for approval by all 28 EU commissioners prior to the upcoming meeting, although it is expected that further details may need to be ironed out after that.

EU regulators have also been looking into the legality of alternative data transfer mechanisms and expect to reach a common position before 2 February.

"It is evident that we will sanction any transfers of personal data which are solely based on the old Safe Harbour decision," said Johannes Caspar, head of the Hamburg data protection authority in Germany.

He said a new Safe Harbour framework would have to include a number of legal safeguards such as an effective judicial review and independent oversight.